Overview

  Task / sample          Platform              Score
  Overview               -                     10
  Static                 -                     10
  W32.Mydoom.htm         windows7-x64          3
  W32.Mydoom.htm         windows10-2004-x64    3
  W32.Mydoom...enu.js    windows7-x64          3
  W32.Mydoom...enu.js    windows10-2004-x64    3
  W32.Mydoom...new.js    windows7-x64          3
  W32.Mydoom...new.js    windows10-2004-x64    3
  W32.Mydoom...enu.js    windows7-x64          3
  W32.Mydoom...enu.js    windows10-2004-x64    3
  f-mydoom.exe           windows7-x64          7
  f-mydoom.exe           windows10-2004-x64    7
  strip-girl...es.exe    windows7-x64          10
  strip-girl...es.exe    windows10-2004-x64    10
Analysis

  max time kernel    145s
  max time network   131s
  platform           windows10-2004_x64
  resource           win10v2004-20240802-en
  resource tags      arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  submitted          16-09-2024 14:13
Behavioral tasks

  Task          Sample                              Resource
  behavioral1   W32.Mydoom.htm                      win7-20240903-en
  behavioral2   W32.Mydoom.htm                      win10v2004-20240802-en
  behavioral3   W32.Mydoom_files/main_menu.js       win7-20240903-en
  behavioral4   W32.Mydoom_files/main_menu.js       win10v2004-20240802-en
  behavioral5   W32.Mydoom_files/main_menu_new.js   win7-20240903-en
  behavioral6   W32.Mydoom_files/main_menu_new.js   win10v2004-20240802-en
  behavioral7   W32.Mydoom_files/menu.js            win7-20240708-en
  behavioral8   W32.Mydoom_files/menu.js            win10v2004-20240802-en
  behavioral9   f-mydoom.exe                        win7-20240708-en
  behavioral10  f-mydoom.exe                        win10v2004-20240802-en
  behavioral11  strip-girl-2.0bdcom_patches.exe     win7-20240903-en
General

  Target   W32.Mydoom.htm
  Size     39KB
  MD5      10a5ce311f8f925a5d180d01aa62b560
  SHA1     3b9eae541c1bda796a8a29671671d666a32d68f5
  SHA256   666c6ad2b3bdeac9c0d42a263631958b3e2e77b197859559b90b5a193b3c81ca
  SHA512   e322dc16f5b2b689102ab55c2a7c8eaed00d4c514d44c3445b91d1a60fd5be2edaf753396932d3b27d020e054a822fb704454e86c107a9e6e81e82b183c477b8
  SSDEEP   768:/DS7/t18rlh0iofFsJUxcuhupvjMktozccKc:/DS7/t18rkio9sJUxc6AcKc
Malware Config
Signatures
  Enumerates system info in registry (2 TTPs, 3 IoCs)

    description        ioc                                                                    process
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName   msedge.exe
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS                     msedge.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer  msedge.exe
  Suspicious behavior: EnumeratesProcesses (10 IoCs)

    pid    process
    1464   msedge.exe
    1464   msedge.exe
    3144   msedge.exe
    3144   msedge.exe
    4960   identity_helper.exe
    4960   identity_helper.exe
    2864   msedge.exe
    2864   msedge.exe
    2864   msedge.exe
    2864   msedge.exe
  Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (6 IoCs)

    pid    process
    3144   msedge.exe
    3144   msedge.exe
    3144   msedge.exe
    3144   msedge.exe
    3144   msedge.exe
    3144   msedge.exe
  Suspicious use of FindShellTrayWindow (25 IoCs)
  Suspicious use of SendNotifyMessage (24 IoCs)
  Suspicious use of WriteProcessMemory (64 IoCs)
Processes

  [1] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\W32.Mydoom.htm
      - Enumerates system info in registry
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      - Suspicious use of FindShellTrayWindow
      - Suspicious use of SendNotifyMessage
      - Suspicious use of WriteProcessMemory

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffacb846f8,0x7fffacb84708,0x7fffacb84718

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
          - Suspicious behavior: EnumeratesProcesses

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
          - Suspicious behavior: EnumeratesProcesses

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1

      [2] C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,12325494731945514687,4221517095811407501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2
          - Suspicious behavior: EnumeratesProcesses

  [1] C:\Windows\System32\CompPkgSrv.exe
      C:\Windows\System32\CompPkgSrv.exe -Embedding

  [1] C:\Windows\System32\CompPkgSrv.exe
      C:\Windows\System32\CompPkgSrv.exe -Embedding
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads

  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize  152B
    MD5       9b008261dda31857d68792b46af6dd6d
    SHA1      e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3
    SHA256    9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da
    SHA512    78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize  152B
    MD5       0446fcdd21b016db1f468971fb82a488
    SHA1      726b91562bb75f80981f381e3c69d7d832c87c9d
    SHA256    62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222
    SHA512    1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize  5KB
    MD5       ed156231faadb94cdb1fe1e95054763a
    SHA1      b09dd147006f6f39e2adfabd3f34924537da27fe
    SHA256    cdb3ffda8c6809cab576402932328e719b326ee239a83aaac27c7c46609d9a08
    SHA512    b290e917b27587f639756ac4632c71aaa3355777d34d1df1ec9572b6c53840cf545fe893d6608262bd6733cf48ca981b4de71c0a723d062003f400f3bdb95b3c

  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize  6KB
    MD5       c3fe0c38366e9ca7f9367fb383ff28ef
    SHA1      fc83016c8e42b856dd9749e731259d8b2f60193d
    SHA256    8bce0e43d75c6d98d1b8da35a4a0da371cf5913ac86d8d744f205e128e60cb23
    SHA512    e266a26ddb43d5012a3d2ff4b66cffa44d0307ff335efbb50464b15e5972460ea672f42d46d8b971f06e790edea353cf4b68b1a8ecf3a7c71b0c283be1435b9e

  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize  16B
    MD5       6752a1d65b201c13b62ea44016eb221f
    SHA1      58ecf154d01a62233ed7fb494ace3c3d4ffce08b
    SHA256    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
    SHA512    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

  C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize  10KB
    MD5       651284ff7e18681f3f0ee73a80e62899
    SHA1      adfb205f66eda3d64e6035b03782fb17c6061d13
    SHA256    fbd85c18a5e56408ed0bc7fab30fc3a5b51a50bf13f7adff9dd71b23954965b1
    SHA512    15e8bd4baf8fdef0f91137ac77dcd880b6db3177c8f70cb43912244ce0ed2dfa187bd893d406516914369e5fc6eb409f4e4d289312d10d3f8a235e8dcd735df6

  \??\pipe\LOCAL\crashpad_3144_PFLQQSULMHMIMCKU
    MD5       d41d8cd98f00b204e9800998ecf8427e
    SHA1      da39a3ee5e6b4b0d3255bfef95601890afd80709
    SHA256    e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
    SHA512    cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e